Biometrics presents an accurate method for personal identification and authentication. Biometric data that may be used for identification and authentication include, but are not limited to: facial characteristics; fingerprints; hand geometry; capillary arrangement in the retina; iris ring color; signature; vein arrangement, e.g. on the back of the hand; voice tone, pitch, cadence and frequency patterns; and DNA structure.
There are many applications where a secured identity is useful, e.g. for bank account access; security risk area access, e.g. for defense and secret or potentially dangerous research and development; obtaining restricted materials, e.g. munitions and other weapons and potentially dangerous chemicals and biologic materials; and personal information security, e.g. medical records and information. As an example, in healthcare applications, “health cards” provide a convenient method to expedite billing and claim processing. The information that can be stored includes medical history, insurance provider information and personal details. Identity theft is a serious problem in this area, as well as others, with an increasing number of patients using stolen identities to seek treatment to which they are not entitled, causing financial losses to providers. Biometric identification in this area is thus an answer to increasing identity theft.
Although biometrics provides a reliable means of establishing the identity of an individual, it presents its own vulnerabilities. A current disadvantage of biometric identification is that, whereas passwords and tokens such as smart cards can be reissued or revoked easily when they are compromised, a compromised biometric template cannot be reissued, since any given user has a limited number of biometrics. There are also pertinent issues of privacy when the same biometric is used across several applications or organizations. The major concern is the possible sharing and misuse of biometric databases between organizations and agencies without the user's knowledge. Therefore, a method and system are required in which the privacy and security of biometric templates are ensured. Further, the system should allow re-enrollment and replacement of biometric data if the original template is compromised.
Existing literature in fact suggests “cancelable” or “private” biometrics as a method of securing biometric templates, see e.g. Ratha et al., “Enhancing Security and Privacy in Biometrics-based Authentication System”, IBM Systems Journal, Vol. 40, No. 3, pp. 614-634, 2001, incorporated by reference as background art. In the Ratha et al. method, the biometric is altered using a deterministic and fixed non-invertible transformation (biometric hashing) before the template is enrolled. However, this method requires that the transformation parameters be stored along with the template representation. The security of this technique is based upon the assumption that the transformation function and its parameters are secret. But the transformation parameters can be compromised along with the biometric template. Furthermore, if it is required that the representation of the biometric not be changed during the process, the nature of the transformation, function or process is severely constrained. This implies that, though the transformation is non-invertible in principle, inverting it may be tractable given enough computational power.
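The enroll, match and re-issue cycle of a cancelable template, as an added sketch that is not taken from Ratha et al. or from this document: a seeded random projection with sign quantization stands in for the non-invertible transformation, and the feature vectors, seeds, `N_BITS` and `THRESHOLD` are constructed for illustration.

```python
import random

N_BITS = 256      # length of the protected template (assumed value)
THRESHOLD = 0.25  # max fraction of differing bits accepted as a match (assumed)

def transform(features, seed, n_bits=N_BITS):
    """Seeded random projection followed by sign quantization.
    Keeping only the sign of each projection discards magnitude,
    so many inputs map to the same template."""
    rng = random.Random(seed)
    bits = []
    for _ in range(n_bits):
        row = [rng.gauss(0.0, 1.0) for _ in features]
        bits.append(1 if sum(w * x for w, x in zip(row, features)) >= 0 else 0)
    return bits

def enroll(features, seed):
    # The parameters are stored next to the template, which is the
    # weakness the passage points out: both leak together.
    return {"seed": seed, "template": transform(features, seed)}

def distance(a, b):
    """Normalized Hamming distance between two bit templates."""
    return sum(x != y for x, y in zip(a, b)) / len(a)

def verify(record, sample):
    probe = transform(sample, record["seed"])
    return distance(record["template"], probe) < THRESHOLD

def demo():
    rng = random.Random(1)
    alice = [rng.uniform(-1, 1) for _ in range(64)]        # constructed features
    alice_again = [x + rng.gauss(0, 0.05) for x in alice]  # same user, sensor noise
    mallory = [rng.uniform(-1, 1) for _ in range(64)]      # different user

    old = enroll(alice, seed=1001)
    new = enroll(alice, seed=2002)  # re-issue: same biometric, new parameters
    return {
        "genuine_accepted": verify(old, alice_again),
        "impostor_accepted": verify(old, mallory),
        "genuine_accepted_after_reissue": verify(new, alice_again),
        # A leaked old template does not match the re-issued one, and the
        # two records cannot be linked by comparing templates.
        "old_vs_new_distance": distance(old["template"], new["template"]),
    }

if __name__ == "__main__":
    print(demo())
```

The old and re-issued templates differ in roughly half their bits, which is what lets a compromised template be cancelled without changing the underlying biometric.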